New Service: CORS & SSL Proxy

Sebastian Kippe ·

Good news, everyone! We just activated a new service, which will be included for free in all upcoming subscription plans (and even the free tier). It’s a fast, reliable proxy that you can use to connect to APIs, which don’t support CORS or HTTPS or both.

Why?

When creating a client-side web app using existing APIs, you will often face the problem, that the API doesn’t support Cross-Origin Resource Sharing, which means it is missing some HTTP headers, which would allow your HTML5 app to talk to it directly. If these headers aren’t set, browsers will refuse to make cross-domain requests to that API.

And sometimes you might want to connect to an API or website that isn’t available via HTTPS, meaning if you deliver your app with SSL encryption (which you should do, and we do for you automatically), browsers will show red-flag warnings about unsecure content in the best case, and plainly not start the requests at all in the worst case.

So, here you go

In order to solve these 2 problems for you, we just added a special proxy service to our platform. It will forward all requests to allowed domains exactly as they are, and return the original response plus CORS headers (unless they are sent by the remote host).

In order to set it up, just head to the new Proxy settings page in the app settings panel, and add the domain or subdomain of a remote service you want to use from your app:

Screenshot

That’s it. Now you can make requests to any URI on that domain by using our proxy address with the uri parameter:

https://cors.5apps.com/?uri=https://api.github.com/orgs/5apps

If you want to see this in action, we actually already use the proxy for the HTML5Please API (which isn’t available via HTTPS), when you enable the HTML5Please deployment strategy for your app.

Privacy

Sending your users’ requests through a hosted service obviously raises questions about the privacy of the transmitted data, so we want to be clear about that upfront:

  1. We do not log any request or response bodies whatsoever.
  2. We do log request URIs and we will monitor excessive and abusive usage of the service. However, we have a strict internal policy and restrictions for accessing these logs.
  3. If you use this service, you should inform your users about that in your app’s privacy policy.

Questions? Feedback?

As always, feel free to ask us anything or tell us what you think! Add a comment below, tweet us something, or use the support site.